Embodiments address technical shortcomings of known on-line electronic messaging systems and anti-phishing systems.
Many users of the Internet and online software applications have fallen victim to malicious phishing emails or other electronic messages resulting in theft of their personal, sensitive and security information and financial losses. Phishing generally refers to malicious attempts to steal a consumer's data by, for example, imitating an electronic communication such that the electronic communication appears to be authentic and from a trustworthy source when the electronic communication is actually from a thief, thus using the purportedly authentic electronic message as “bait” to “fish” for the user's personal, sensitive or financial information. For example, a malicious electronic message may copy the look and feel of a known website or electronic mail message, using similar logos, structure and content. An unsuspecting consumer, believing that the electronic communication is authentic and from the expected trustworthy source (such as a financial institution or other known host), may proceed with responding to the electronic message by providing sensitive or personal information such as account numbers, social security numbers, credit card numbers and the like, and in doing so, unknowingly providing this information to a thief that is the source of the phishing message.
Phishing techniques may involve email spoofing, messaging (e.g. text or SMS messaging), and imitation of websites. Information acquired by malicious phishing emails may be used by thieves for various purposes including making withdrawals from a user's account, unauthorized credit card transactions or applying for credit cards, making and circulating fraudulent identifications, and taking over on-line accounts such as on-line social media accounts. Phishing websites may also include malware or viruses, which may be executed upon opening a malicious message, and which may disable the consumer's computer, which may be enabled again for payment of an “extortion” fee to the thief. The significance of these issues and the lack of technical solutions to same are evident by estimates that malicious phishing messages may cost consumers as much as 5 billion dollars annually.
Malicious electronic message and phishing that exploit various electronic messaging or web security weaknesses are even more difficult to combat since consumers may not even know how to determine whether an electronic message is authentic or malicious, and if the consumer attempts to call someone regarding a potential malicious electronic message, the consumer may still be unable to confirm that the customer service agent works for the known host and that the person on the other end of the line is not part of the malicious phishing scam.